TCP SYN port scanning: please help me find what is wrong with my code

Time:10-16

I wrote a TCP connect scan against one of Baidu's IP addresses, and it finds port 80. My TCP_SYN scan, however, does not give correct results, and I don't know why. The program uses raw socket programming: it first builds and sends a SYN packet, then parses each received packet to check whether it is a TCP packet, and then decides whether the port is open according to whether an RST or an ACK comes back. But the protocol field of the received packets shows 10, not the TCP value 6. The code follows.



# include "stdafx. H"
#include
#include
#include
# include "mstcpip. H"
# pragma comment (lib, "ws2_32. Lib")

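/* Target of the scan as a dotted-quad IPv4 string. The code that consumes it
 * is not part of the visible listing. Keyword casing restored from the
 * garbled paste ("Char" is not a C type). */
char *DestIpAddr = "14.215.177.37";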

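/*
 * IPv4 header without options, overlaid directly on captured packet bytes.
 * Every field must sit at its wire offset, so the struct has to be exactly
 * 20 bytes with Protocol at offset 9. Multi-byte fields hold the bytes as
 * captured, i.e. in network byte order.
 *
 * Fix: TTL was declared as a plain `unsigned` (4 bytes). The compiler then
 * aligns it at offset 8 and pushes Protocol to offset 12, which on the wire is
 * the first octet of the source address. Code reading Protocol therefore sees
 * an address octet instead of 6 (TCP). That would explain the reported value
 * 10 if the capturing host's own address begins with 10 (an inference; the
 * address is not shown in the listing).
 */
typedef struct IpHeader {
    unsigned char  Version_HLen;    /* offset 0:  version and header length, one byte */
    unsigned char  TOS;             /* offset 1 */
    unsigned short Length;          /* offset 2:  total length */
    unsigned short Ident;           /* offset 4 */
    unsigned short Flags_Offset;    /* offset 6:  flags and fragment offset */
    unsigned char  TTL;             /* offset 8:  must be a single byte */
    unsigned char  Protocol;        /* offset 9:  6 means TCP */
    unsigned short Checksum;        /* offset 10 */
    unsigned int   SourceAddr;      /* offset 12 */
    unsigned int   DestinationAddr; /* offset 16 */
} Ip_Header;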

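/*
 * TCP flag bits, for testing against the Flags byte of Tcp_Header.
 *
 * Fix: the posted macros ended in ';'. A macro body is pasted verbatim, so
 * `(Flags & ACK)` would expand to `(Flags & 0x10;)` and fail to compile, and
 * `x = SYN | ACK;` would silently drop everything after the first macro.
 * The constants themselves are unchanged.
 */
#define URG 0x20
#define ACK 0x10
#define PSH 0x08
#define RST 0x04
#define SYN 0x02
#define FIN 0x01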

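/*
 * TCP header without options, overlaid on the bytes that follow the IP header
 * in a captured packet. The fields are naturally aligned, so the struct is
 * 20 bytes with no padding. Port, sequence, window and checksum fields hold
 * the bytes as captured (network byte order) and need ntohs()/ntohl() before
 * being compared with host values.
 *
 * Restored from the garbled paste: keyword casing and the ';' terminators.
 */
typedef struct TcpHeader {
    USHORT        SrcPort;
    USHORT        DstPort;
    unsigned int  SequenceNum;
    unsigned int  Acknowledgment;
    unsigned char HdrLen;           /* header-length byte as it appears on the wire */
    unsigned char Flags;            /* test with the URG/ACK/PSH/RST/SYN/FIN bits */
    USHORT        AdvertisedWindow;
    USHORT        Checksum;
    USHORT        UrgPtr;
} Tcp_Header;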

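/*
 * Forward declarations; neither definition is part of the visible listing.
 * Keyword casing restored from the garbled paste ("Int" is not a C type).
 *
 * PacketAnalyzer: receives the start of a captured packet. The caller treats
 * a return of 0 as "keep listening" and any other value as "done with this
 * port". No length is passed, so the parser cannot tell how many bytes of the
 * buffer are valid; the caller zero-fills the buffer before each recv().
 *
 * SendTCPSYNPacket: called once per port with the port number to probe. Its
 * return value is ignored by the caller.
 */
int PacketAnalyzer(char *);
int SendTCPSYNPacket(int);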

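/*
 * Entry point. Opens a raw IP socket, binds it to the first address that
 * gethostbyname() returns for the local host name, switches it to receive-all
 * mode (SIO_RCVALL), and then, for every port in [PortStart, PortEnd], calls
 * SendTCPSYNPacket() and passes each captured packet to PacketAnalyzer() until
 * that returns non-zero. Prints the elapsed time. Returns 0 on success and -1
 * on any failure.
 *
 * Fixes relative to the posted listing:
 *  - `Result = WSAStartup(...) != 0` stored the comparison result (0 or 1) in
 *    Result because != binds tighter than =. The real error code is now kept.
 *  - The malloc() result assigned to pHostent was overwritten at once by
 *    gethostbyname() and leaked; the allocation is removed.
 *  - gethostbyname() can return NULL and was dereferenced unchecked. It is now
 *    checked, and the address length is validated before the memcpy() into
 *    sin_addr.
 *  - closesocket() was called on INVALID_SOCKET, and no error path called
 *    WSACleanup(). All exits after WSAStartup() now share one cleanup path.
 *  - EndTime and nFreq were read uninitialised when the performance counter
 *    was unavailable. The timing line is now printed only when it is valid.
 *  - Garbled call syntax, format strings and HTML entities are restored.
 */
int _tmain(int argc, _TCHAR *argv[])
{
    WSADATA WsaData;
    SOCKET RecSocket = INVALID_SOCKET;
    SOCKADDR_IN sock;
    LARGE_INTEGER nFreq;
    LARGE_INTEGER StartTime;
    LARGE_INTEGER EndTime;
    HANDLE hCon;
    CONSOLE_SCREEN_BUFFER_INFO bInfo;
    int haveConsoleInfo;

    int PortStart = 80;
    int PortEnd = 90;
    char RecvBuffer[65535] = {0};
    char Name[255];
    struct hostent *pHostent;

    DWORD dwBufferLen[10];
    DWORD dwBufferInLen = 1;    /* 1 switches receive-all on */
    DWORD dwByteReturned = 0;

    int Result;
    int rc = -1;

    nFreq.QuadPart = 0;
    StartTime.QuadPart = 0;
    EndTime.QuadPart = 0;

    /* WSAStartup() returns the error code directly. */
    Result = WSAStartup(MAKEWORD(2, 1), &WsaData);
    if (Result != 0) {
        printf("WSAStartup error, %d", Result);
        return -1;
    }

    RecSocket = socket(AF_INET, SOCK_RAW, IPPROTO_IP);
    if (RecSocket == INVALID_SOCKET) {
        printf("socket failed, %d\n", WSAGetLastError());
        goto cleanup;
    }

    Result = gethostname(Name, (int)sizeof(Name));
    if (Result == SOCKET_ERROR) {
        printf("gethostname failed, %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* The returned hostent is owned by Winsock; it must not be freed here. */
    pHostent = gethostbyname(Name);
    if (pHostent == NULL || pHostent->h_addr_list[0] == NULL) {
        printf("gethostbyname failed, %d\n", WSAGetLastError());
        goto cleanup;
    }
    if (pHostent->h_addrtype != AF_INET ||
        pHostent->h_length != (int)sizeof(sock.sin_addr.S_un.S_addr)) {
        printf("gethostbyname returned a non-IPv4 address\n");
        goto cleanup;
    }

    /*
     * SIO_RCVALL captures only on the interface the socket is bound to.
     * NOTE(review): h_addr_list[0] is simply the first local address; on a
     * host with several adapters it may not be the one that routes to the
     * target, in which case no replies are seen. Confirm on the test machine.
     */
    memset(&sock, 0, sizeof(sock));
    sock.sin_family = AF_INET;
    sock.sin_port = htons(5555);
    memcpy(&sock.sin_addr.S_un.S_addr, pHostent->h_addr_list[0],
           (size_t)pHostent->h_length);

    Result = bind(RecSocket, (PSOCKADDR)&sock, sizeof(sock));
    if (Result == SOCKET_ERROR) {
        printf("bind failed, %d\n", WSAGetLastError());
        goto cleanup;
    }

    /* Put the raw socket into receive-all mode; this needs administrator
     * rights, and the call fails without them. */
    Result = WSAIoctl(RecSocket, SIO_RCVALL, &dwBufferInLen,
                      sizeof(dwBufferInLen), dwBufferLen, sizeof(dwBufferLen),
                      &dwByteReturned, NULL, NULL);
    if (Result == SOCKET_ERROR) {
        printf("WSAIoctl failed, %d\n", WSAGetLastError());
        goto cleanup;
    }

    hCon = GetStdHandle(STD_OUTPUT_HANDLE);
    /* Remember whether the original attributes were read, so that garbage is
     * never written back when restoring them. */
    haveConsoleInfo = GetConsoleScreenBufferInfo(hCon, &bInfo) != 0;

    if (QueryPerformanceFrequency(&nFreq)) {
        /* Start of the timed section. */
        QueryPerformanceCounter(&StartTime);

        /* Probe each port in turn. */
        for (int p = PortStart; p <= PortEnd; p++) {
            /* Send the crafted TCP SYN for this port. */
            SendTCPSYNPacket(p);

            /*
             * Read captured packets until the analyzer reports a result.
             * NOTE(review): this loop ends only when PacketAnalyzer() returns
             * non-zero. If no matching reply is ever captured for a port (for
             * example, the SYN is silently dropped), the scan never advances.
             * A per-port deadline would bound it.
             */
            for (;;) {
                memset(RecvBuffer, 0, sizeof(RecvBuffer));
                Result = recv(RecSocket, RecvBuffer, (int)sizeof(RecvBuffer), 0);
                if (Result == SOCKET_ERROR) {
                    printf("recv failed, %d\n", WSAGetLastError());
                    goto cleanup;
                }
                Result = PacketAnalyzer(RecvBuffer);
                if (Result != 0) {
                    break;
                }
            }

            SetConsoleTextAttribute(hCon, 14);  /* bright yellow text */
            /* End of the timed section so far. */
            QueryPerformanceCounter(&EndTime);
        }

        if (nFreq.QuadPart > 0) {
            double flnterval = (double)(EndTime.QuadPart - StartTime.QuadPart);
            printf("Total Time: %fms\n",
                   flnterval * 1000 / (double)nFreq.QuadPart);
        }
    }

    if (haveConsoleInfo) {
        SetConsoleTextAttribute(hCon, bInfo.wAttributes);
    }
    rc = 0;

cleanup:
    if (RecSocket != INVALID_SOCKET && closesocket(RecSocket) == SOCKET_ERROR) {
        printf("closesocket failed, %d\n", WSAGetLastError());
        rc = -1;
    }
    if (WSACleanup() == SOCKET_ERROR) {
        printf("WSACleanup error, %d", WSAGetLastError());
        rc = -1;
    }
    if (rc == 0) {
        system("pause");
    }
    return rc;
}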


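/*
 * Internet checksum: sums the buffer as 16-bit words, adds a trailing odd
 * byte if there is one, folds the carries back into the low 16 bits and
 * returns the one's complement of the result.
 *
 * buffer: start of the data to sum, read in place as USHORT words.
 * size:   number of bytes to sum.
 *
 * Fixes relative to the posted listing: the HTML-entity and casing damage is
 * undone ("& gt;>" is ">>", "0 XFFFF" is "0xFFFF", "Cksum"/"Size"/"Return"
 * are the lowercase names). The trailing-byte test is now `size > 0`, so a
 * negative size no longer reads one byte from the buffer.
 */
USHORT checksum(USHORT *buffer, int size)
{
    unsigned long cksum = 0;

    /* Add up whole 16-bit words. */
    while (size > 1) {
        cksum += *buffer++;
        size -= (int)sizeof(USHORT);
    }

    /* An odd length leaves one byte over. */
    if (size > 0) {
        cksum += *(UCHAR *)buffer;
    }

    /* Fold the carries twice: the first fold can itself produce a carry. */
    cksum = (cksum >> 16) + (cksum & 0xFFFF);
    cksum += (cksum >> 16);

    return (USHORT)(~cksum);
}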

nullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnullnull